-
August 7th, 2003, 12:28 PM
#1
Heads Up**Backdoor.WinShell.50
Hi Guys..
As per my usual Heads up.. only Higher risk Threats are listed here.. ie Symantec's Cat 2 or higher.. I have not included the links to the McAfee and KAV reports on this one..
Backdoor.WinShell.50
Symantec Info Page
This ones entry is due to its damage capability.
Threat Assesment
Wild:- Low
Damage:- Medium
Distribution:- Low
Threat containment: Easy
Removal: Moderate
Damage
Payload:
Compromises security settings: Allows unauthorized commands to be remotely executed.
Summary of Threat
Backdoor.WinShell.50 is a server program that allows unauthorized access to an infected computer.
The Backdoor will listen on port 8719.
This piece of malware, along with Trojan.Stealther, has recently been found on systems which have been exploited by the Microsoft DCOM RPC vulnerability.
NOTE: Virus definitions dated August 6, 2003 may detect this as Backdoor.Winshell.
Also Known As: Backdoor.Winshell.50 [KAV], BackDoor-TC [McAfee]
Type: Trojan Horse
Infection Length: 14,168 bytes
Systems Not Affected: Linux, Macintosh, OS/2, UNIX
Technical Details
Opens Port 8719 to listen for remote commands that it will issue to a command shell.
Cheers
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
August 7th, 2003, 04:53 PM
#2
Didn't mean to steal your thunder- I searched on the McAfee name (Stealther) before posting my thread.
This one is pretty sneaky because once you have it it is very hard to tell if you have it. You almost need to boot all machines to Safemode to check them out.
-
August 8th, 2003, 12:09 PM
#3
Thats why I couldn't find it..
But then again I have been getting a bit lazy
cheers
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|